fred2bug asked

Rest Api And OAuth2


I am currently trying to convert a console app from the Trading API to the REST APIs using the OAuth2 authorization code grant flow. I have read so much and seen so many examples that I think I am running around in circles.

I believe authorization code grant flow to be the correct method but I am not totally sure. I can get an access token via the client credentials grant flow but if I add any scope other than "" it errors with invalid scope. I have installed the OAuth2 client library but cannot see how to get an access token for this method of authorising.

I wondered if someone could answer 1 or more of the questions I have?

1. Am I totally off the mark with this?

2. Am I correct in thinking I need to obtain an access token using the authorization code grant flow?

3. Can this be achieved without the need to physically login via a page or is this a one-off call made when the app starts and then the token is refreshed until the app closes?

4. Can the OAuth2 client obtain a token using authorization code grant flow?



1 Answer

amd_adnan answered

Hi. The authorization code grant flow and the client credentials grant flow are two completely different flows and have their own scopes. Furthermore, there may be differences in scopes between the Sandbox and Production environments, so make sure you read the docs to know which scopes you'll need.

You've not mentioned which language you are developing in, but a basic outline for an ASP.NET Core webapp is as follows:

  1. In your web-app, the user clicks on a button or performs some action that requires eBay authorization.
  2. Your app checks if it already has a valid access token and if not redirects the user to the eBay URL created by GenerateUserAuthorizationUrl() in the OAuth Client Library.
  3. The user, now viewing the eBay page, logs in and grants your app permission to access their data.
  4. After successful login, the user is redirected back to your app, with a "code" querystring at the end of the URL.
  5. Your app then calls ExchangeCodeForAccessToken() to get the access token.

Here is an example of a simple Razor page that gets the access token and saves it to a json file:

using System;
using System.Collections.Generic;
using AutoMapper;
using eBay.ApiClient.Auth.OAuth2;
using eBay.ApiClient.Auth.OAuth2.Model;
using GakEbaySync.Models;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.RazorPages;
using Microsoft.Extensions.Logging;

namespace GakEbaySync.Pages
{
    public class IndexModel : PageModel
    {
        private readonly ILogger<IndexModel> _logger;
        private AppTokens _appTokens = new AppTokens();
        private readonly IMapper _mapper;
        private readonly OAuth2Api _oAuthClient;
        // Scopes to request (the list contents are not shown in the post).
        private readonly IList<string> _scopes = new List<string>();

        public IndexModel(ILogger<IndexModel> logger, IMapper mapper)
        {
            _logger = logger;
            _oAuthClient = new OAuth2Api();
            _mapper = mapper;
        }

        public IActionResult OnGet([FromQuery] string code)
        {
            if (string.IsNullOrEmpty(code))
            {
                // No code yet: send the user to eBay to log in and grant consent.
                return Redirect(GetUserConsentUrl());
            }
            else
            {
                // Redirected back from eBay: exchange the code for the access token.
                var oAuthResponse = _oAuthClient.ExchangeCodeForAccessToken(OAuthEnvironment.SANDBOX, code);

                _appTokens = _mapper.Map<AppTokens>(oAuthResponse);
                _appTokens.Filename = AppDomain.CurrentDomain.BaseDirectory + "apptokens.json";
            }
            return Page();
        }

        private string GetUserConsentUrl()
        {
            // Third argument is the OAuth state value (null here).
            var authUrl = _oAuthClient.GenerateUserAuthorizationUrl(OAuthEnvironment.SANDBOX, _scopes, null);
            return authUrl;
        }
    }
}
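
The redirect-and-callback steps above, shown with the state parameter populated and checked on return. This is an added example, not part of the original answer or of eBay's library. It assumes .NET 6 or later and that the state value is echoed back on the redirect as in standard OAuth 2.0; the page class name and cookie name are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;
using eBay.ApiClient.Auth.OAuth2;
using eBay.ApiClient.Auth.OAuth2.Model;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.RazorPages;

// Added example: hypothetical page, not from the original answer.
public class ConsentCallbackModel : PageModel
{
    private const string StateCookie = "ebay_oauth_state"; // assumed cookie name
    private readonly OAuth2Api _oAuthClient = new OAuth2Api();
    private readonly IList<string> _scopes = new List<string>(); // the scopes your app needs

    public IActionResult OnGet([FromQuery] string code, [FromQuery] string state)
    {
        if (string.IsNullOrEmpty(code))
        {
            // Start of flow: bind a fresh random state to this browser.
            var newState = Convert.ToHexString(RandomNumberGenerator.GetBytes(32));
            Response.Cookies.Append(StateCookie, newState, new CookieOptions
            {
                HttpOnly = true,
                Secure = true,
                SameSite = SameSiteMode.Lax, // Lax so the cookie is sent on the redirect back
                MaxAge = TimeSpan.FromMinutes(10)
            });
            return Redirect(_oAuthClient.GenerateUserAuthorizationUrl(
                OAuthEnvironment.SANDBOX, _scopes, newState));
        }

        // Callback: the state is single-use, so clear the cookie before checking it.
        Request.Cookies.TryGetValue(StateCookie, out var expected);
        Response.Cookies.Delete(StateCookie);
        if (string.IsNullOrEmpty(expected) || string.IsNullOrEmpty(state) ||
            !CryptographicOperations.FixedTimeEquals(
                Encoding.UTF8.GetBytes(expected), Encoding.UTF8.GetBytes(state)))
        {
            return BadRequest(); // this code was not requested by this browser
        }

        var oAuthResponse = _oAuthClient.ExchangeCodeForAccessToken(OAuthEnvironment.SANDBOX, code);
        // Store the tokens from oAuthResponse as the page in the answer does.
        return Page();
    }
}
```

Without this check, the callback will exchange any code that arrives on the URL, including one the user's browser never asked for.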